* Checkpoint
* Add support for custom columns
* Remove old Store and Delegate abstraction
* Fix nits and rewording
* Remove unused mock file
* Update documentation for extension api server
* Remove the need for scheme for ConvertListOptions
* Rename store to utils
* fixup! Remove the need for scheme for ConvertListOptions
* Move watch helper to tests
* Add convertError at a few places
* Ignore misspell on creater
* Fix comments and remove unused params
* Add convertError to missing error returns
* Fix watcher implementation
* Document request.UserFrom and request.NamespaceFrom
The original PR, steve/pull/158 drifted too far from changes
in main, so it's easier to create a new PR:
* Bring in and update DefaultSchemaTemplatesForStore
* Move from based on `master` to `main`
* Update k8s version
* bump lasso to include pull #111
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Make IsListWatchable public to be reused in other packages
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Let lasso know whether a type is watchable upon requesting a cache
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Adapt existing tests
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Add a test to check watchability is detected correctly
Signed-off-by: Silvio Moioli <silvio@moioli.net>
---------
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* adding NonResourceURLs support to access_store
* added tests to AccessSet NonResourceURLs handling
* change on test script suggested by @tomleb + go mod tidy
* added nonresource to ext api authorization
* added NonResourceURLs implementation in Authorizes + test
* removed non-resource-url tests from the main test
* added new tests for non-resource-urls
* removed unused test data
* changed nonResourceKey to point to struct{}
* addressed comments from @tomleb
* addressed more comments
* fixing typo
* check for empty accessSet
* Refactor ID based partitioning, add unit tests
This resolves an issue where the requested namespace filter was not
always honored.
* Correct naming issues to appease the linter
* changing secret and configmap formatters to return decoded helm data if includeHelmData query parameter is present
* adding tests for gzip magic header
* refactor(accesscontrol): make addAccess directly accept PolicyRules
* refactor(accesscontrol): add new types for encapsulating all needed data
* refactor(accesscontrol): make getRules return resource version
* refactor(accesscontrol): add new getRoleRefs to policyRuleIndex
* refactor(accesscontrol): make accessStore use the new types and method
* cleanup(accesscontrol): remove unused code
* cleanup(accesscontrol): adapt tests
* cleanup(accesscontrol): add some comments and remove unused function
* refactor(accesscontrol): rework indexer to make it more readable and testable
* Fix typo
* test: consistent use of t.Error
* test: refactor policyRulesMock to just use a map
* misc: rename toUserInfo function
* refactor: consistent sort by UID
* Add more fields to index when sql-caching is on.
Misc changes:
- Use the builtin Event class, not events.k8s.io (by looking at the dashboard client code)
- Specify full path to the management.cattle.io fields.
- Map `Event.type` to `Event._type` for indexing.
Use a compound transform-func to first check for a "signal",
and then to run all the relevant transformers until either
one fails or the list is exhausted.
- Includes moving the fakeSummaryCache type into a common area.
Use a simpler way of running transforms.
* Inline the function to get the gvk key.
* Create a '--sql-cache' flag to turn on caching for the steve CLI.
* Improve error-handling in object transformer.
* Drop the 'GetTransform' function.
* Inline the code that transforms a payload into a k8s-unstructured object.
Previously, the formatter for state/relationships was disabled when the
sql cache was enabled, since a transform function was adding those
values before they were added to the cache. However, the get/watch calls
currently don't use the cache, causing the state/relationships to be
missing.
This implements the Imperative API that is served at /ext with Steve. The imperative API is compatible with Kubernetes' API server and will be used as an extension API server.
* refactor(accesscontrol): use interface for AccessStore cache
* refactor(accesscontrol): early return when cache is disabled
* test(accesscontrol): add failing unit test
* test(accesscontrol): skip failing test
* added namespace check to proxy_store create
* added namespaced resources checks and create tests
* Update pkg/stores/proxy/proxy_store.go
* changed error message and added missing name only test
* updated sql/proxy_store
* changed return to use apierror.NewAPIError
---------
Co-authored-by: Felipe C. Gehrke <felipe@localhost.localdomain>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
Adds logic which adds virtual fields resources. This allows these fields
to be sorted/filtered on when the SQL cache is enabled. Id and
metadata.state.name were added as the first two fields.
Prior schema calculations started with openapiv2 models which included a
model for APIGroups. However, new schema calculations use
ServerGroupsAndResources first, which omitted these values. This
re-adds this type using a static schema.
Fixes two bugs with the schema definitions:
- Adds resources that are a part of the baseSchema (but aren't k8s resources).
- Adds logic to handle resources which aren't in a prefered version, but
are still in some version.
Some tests which relied on timeouts were a bit flaky in CI. This PR
refactors a few of them to work on a more reliable method of receiving
from a channel and raises the timeout of another test.
In the original implementation of the definition handler, the resource
list was checked for preferred version, and this overrode the preferred
version of the overall group. However, this logic was inaccurate and
did not use the group as the source of truth on the preferred version
like it should have.
